From 8dc4d2f908d9eae3dd727d2491a37646055e619e Mon Sep 17 00:00:00 2001
From: Antonio Davi Macedo Coelho de Castro <adavimacedo@gmail.com>
Date: Thu, 29 Aug 2019 18:43:51 -0700
Subject: [PATCH 1/2] Fix beforeLogin trigger when user has a file

---
 src/Routers/UsersRouter.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/Routers/UsersRouter.js b/src/Routers/UsersRouter.js
index b6ddc28fae..7af3f31ed4 100644
--- a/src/Routers/UsersRouter.js
+++ b/src/Routers/UsersRouter.js
@@ -241,6 +241,8 @@ export class UsersRouter extends ClassesRouter {
     // Remove hidden properties.
     UsersRouter.removeHiddenProperties(user);
 
+    req.config.filesController.expandFilesInObject(req.config, user);
+
     // Before login trigger; throws if failure
     await maybeRunTrigger(
       TriggerTypes.beforeLogin,
@@ -261,8 +263,6 @@ export class UsersRouter extends ClassesRouter {
 
     user.sessionToken = sessionData.sessionToken;
 
-    req.config.filesController.expandFilesInObject(req.config, user);
-
     await createSession();
     return { response: user };
   }

From c896c851183901294f64fd375e429387b1c41804 Mon Sep 17 00:00:00 2001
From: Antonio Davi Macedo Coelho de Castro <adavimacedo@gmail.com>
Date: Thu, 29 Aug 2019 18:47:29 -0700
Subject: [PATCH 2/2] Add test case

---
 spec/CloudCode.spec.js | 29 ++++++++++++++++++++++++++---
 1 file changed, 26 insertions(+), 3 deletions(-)

diff --git a/spec/CloudCode.spec.js b/spec/CloudCode.spec.js
index 6ca9455b65..4acf050365 100644
--- a/spec/CloudCode.spec.js
+++ b/spec/CloudCode.spec.js
@@ -1546,9 +1546,7 @@ describe('Cloud Code', () => {
 
       request({
         method: 'POST',
-        url: `http://${Parse.applicationId}:${
-          Parse.masterKey
-        }@localhost:8378/1/jobs/myJob`,
+        url: `http://${Parse.applicationId}:${Parse.masterKey}@localhost:8378/1/jobs/myJob`,
       }).then(
         () => {},
         err => {
@@ -2383,6 +2381,31 @@ describe('beforeLogin hook', () => {
     done();
   });
 
+  it('should be able to block login if an error is thrown even if the user has a attached file', async done => {
+    let hit = 0;
+    Parse.Cloud.beforeLogin(req => {
+      hit++;
+      if (req.object.get('isBanned')) {
+        throw new Error('banned account');
+      }
+    });
+
+    const user = await Parse.User.signUp('tupac', 'shakur');
+    const base64 = 'V29ya2luZyBhdCBQYXJzZSBpcyBncmVhdCE=';
+    const file = new Parse.File('myfile.txt', { base64 });
+    await file.save();
+    await user.save({ isBanned: true, file });
+
+    try {
+      await Parse.User.logIn('tupac', 'shakur');
+      throw new Error('should not have been logged in.');
+    } catch (e) {
+      expect(e.message).toBe('banned account');
+    }
+    expect(hit).toBe(1);
+    done();
+  });
+
   it('should not run beforeLogin with incorrect credentials', async done => {
     let hit = 0;
     Parse.Cloud.beforeLogin(req => {